Apa itu CERT/CC atau CSIRT Nasional?

Rev 1.0
07 April 2012

Pada tahun 1988, penyebaran worm pertama bernama Morris terjadi dan menyebar dengan sangat cepat ke seluruh dunia. Sesudah itu, DARPA (Defence Advanced Research Projects Agency) membentuk SEI (Software Engineering Institute) dan kemudian membentuk CERT/CC (Computer Emergency Response Team / Coordination Center) di Carnegie Mellon University di bawah kontrak pemerintah AS. Setelah itu,berbagai negara di Eropa membentuk organisasi sejenis. CERT/CC inilah yang menjadi cikal bakal pengembangan CERT berikutnya diberbagai negara.

Beberapa layanan yang diberikan oleh CERT/CC atau yang kadang disebut dengan CSIRT (Computer Security Incident Response Team) Nasional bagi konstituensinya adalah:

1. Layanan Software Assurance: Secure Coding, Vulnerability Analysis,Function Extraction
2. Layanan Secure Systems: CyberSecurity Engineering, Network Situational Awareness
3. Layanan Pengamanan Organisasi: Resilience Management, antisipasi terhadap ancaman internal, Governance for Enterprise.
4. Layanan Respon Terkoordinasi, termasuk Pembentukan CSIRT, CSIRT Nasional dan IT Forensik.
5. Layanan Informasi untuk: System Administrator, Developers, Peneliti dan Manajer.
6. Layanan Training & Advisory

CERT/CC atau dengan kata lain CSIRT Nasional merupakan CERT yang menjadi koordinator seluruh sektor CERT didalam negeri.

Manfaat Nasional Tim Dapat Memberikan ,dari sudut pandang keamanan tim teknis nasional bisa
1. Berfungsi sebagai titik kontak terpercaya
2. Mengembangkan infrastruktur untuk respon koordinasi terhadap peristiwa keamanan komputer
dalam misalnya, negara atau ekonomi, untuk kegiatan insiden dan ancaman yang terkait dengan setiap
risiko nasional potensial untuk infrastruktur kritis, dan pada setiap tren yang dirasakan
mengenai serangan di masa depan
3. mengembangkan kemampuan untuk mendukung pelaporan insiden di spektrum yang luas dari sektor
dalam batas-batas suatu negara
4. melakukan insiden, kerentanan, dan artefak analisis dan menyebarkan informasi tentang kerentanan dilaporkan dan respon yang sesuai strategi serta berbagi pengetahuan dan strategi mitigasi yang relevan dengan konstituen yang sesuai, mitra, stakeholder dan kolaborator terpercaya lainnya. (Ini juga dapat mencakup koordinasi dengan masyarakat vendor).
5. berpartisipasi dalam cyber fungsi “memantau”; mendorong dan mempromosikan sebuah komunitas
nasional dan regional tim yang berbagi data, penelitian, strategi respon, dan peringatan dini pemberitahuan satu sama lain dan dengan poin yang sama kontak sepanjang mereka sendiri infrastruktur kritis dan lebih luas di luar perbatasan nasional mereka.
6. Membantu Organisasi dan lembaga dalam mengembangkan kemampuan manajemen insiden (misalnya, memberikan bimbingan dan informasi untuk perencanaan dan menerapkan tim, membangun hubungan dan merangsang diskusi antara dan di seluruh badan-badan pemerintah, bisnis publik / swasta, atau akademis
organisasi).
7. menyediakan layanan terjemahan bahasa untuk analisis teknis tentang keamanan informasi dari entitas eksternal
8. membuat praktek keamanan umum terbaik dan bimbingan tersedia melalui publikasi, situs web, dan metode komunikasi lainnya. (Ini jenis informasi dapat meliputi bimbingan teknis untuk mengamankan host dan konfigurasi jaringan, link ke lainnya dipercaya sumber daya dan informasi untuk mengimplementasikan komunikasi serta sistem yang aman, atau membantu pengguna individu melindungi sistem mereka.)
9. mempromosikan atau melaksanakan pengembangan materi pendidikan, kesadaran dan pelatihan
sesuai untuk berbagai khalayak yang berbeda. Populasi sasaran dapat mencakup sistem dan administrator jaringan, CSIRT organisasi lain di dalam negara perbatasan, pembuat kebijakan, perwakilan hukum, penegakan hukum dan / atau peraturan lembaga, dan populasi pengguna umum.
10. mengidentifikasi dan memelihara daftar kemampuan CSIRT dan titik kontak dalam negara atau perekonomian.

Pertanyaannya, siapa yang berhak menentukan CSIRT Nasional atau CERT/CC didalam suatu negara? Dalam sebuah negara yang demokrasi, maka harus ada keterlibatan seluruh stakeholder untuk membicarakan hal ini, bukan sekedar asal klaim, bukan asal membuat regulasi tanpa ada konsultasi publik. Dan harus dilihat terlebih dahulu (sebelum menentukan atau membentuk CERT/CC baru), apakah sudah ada tim lainnya yang bekerja, baik itu komunitas, korporat, vendor, universitas? Sampai sejauh apa yang mereka kerjakan. Bila memang sudah ada tim yang bekerja untuk itu, maka untuk apa membentuk yang baru (Pertimbangkan masalah: anggaran, duplikasi koordinasi, dsb).Optimalkan saja tim yang sudah ada.Beri dukungan terhadap tim tersebut agar bisa berkembang, Pemerintah bisa memberikan insetif khusus (sponsorship/pendanaan maupun dukungan lainnya) kepada tim yang sudah ada.

Yang perlu menjadi pertimbangan juga adalah masalah kontinuitas dan keberlangsungan hidup sebuah CSIRT Nasional atau CERT/CC. Membentuk itu mudah, namun mempertahankan keberlangsungan hidup itu sulit. Mengingat bahwa judul besarnya adalah sebagai kontak nasional, maka tim ini tidak bisa berupaya proyek sesaat (1-3 tahun) dan ketika terjadi pergantian direksi atau staff, maka mereka akan mengatakan: “Negeri kami rentan diserang, karena kami demisioner”. Sebuah CERT/CC tidak bisa seperti itu.

CERT/CC ataupun CSIRT Nasional haruslah sebuah tim yang permanen, yang bisa saja dibentuk pemerintah atau dipegang sementara oleh pemerintah atau diserahkan kepada tim independen yang didukung oleh pemerintah dan komunitas. Karena dasar kerja sebuah CERT adalah Kepercayaan dan Integritas.

Sebuah CERT/CC atau CSIRT Nasional juga harus mampu mengkoordinasikan berbagai permasalahan insiden keamanan informasi didalam negeri. Bukan sebentar2 mengadu keluar negeri, membuka aib negri sendiri diluar negri. Selesaikan perkara dalam negri dengan bicara didalam negri.Bicaralah dengan tim CERT yang ada. CERT/CC atau CSIRT Nasional adalah permasalahan dalam negeri suatu negara, BUKAN persoalan luar negeri. BUKAN menunggu persetujuan pihak luar, tetapi justru kesepakatan tersebut harus datang dari terlebih dahulu dari DALAM negeri. Karena konstituen utama sebuah CERT dan CERT/CC adalah justru didalam negeri itu sendiri (kecuali memang bila CERT tsb mengklaim bahwa konstituennya dari negara lain).

CERT atau CSIRT boleh banyak, karena dalam pandangan ID-CERT: Akan muncul banyak CERT/CSIRT yang tumbuh berdasarkan kelompok sektor maupun geografis,namun diperlukan satu koordinator ditingkat nasional.

Terakhir, Kemampuan komunikasi sesama CSIRT didalam negeri juga menjadi penentu kesuksesan kerja sebuah CSIRT Nasional.

Hidup Merah Putih 🙂

REFERENSI:
[1]- CSIRT Nasional
[2]- Dokumen Creating National CSIRT
[3]- RFC2350
[4]- Dokumen SNI 7512:2008

6 April 2012 - Posted by ahmadkaz | Jurnal Analis

Belum ada komentar.

Tinggalkan komentar Batalkan balasan

« Sebelumnya | Berikutnya »

About Me ~

CURRENT ACTIVITIES

Ahmad Khalil Alkazimy work as Incident Response Team – Researcher and Manager at Indonesia Computer Emergency Response Team [ID-CERT] since May 2011, http://www.cert.or.id/

ID-CERT is a non-profit CERT teams, community-based and independent since 1998, to serve the public on any internet incident involving Indonesia and abroad.

CAREERS

In 2000, he completed the diploma-thesis in APJII with the title: “Study of the Indonesian Internet Backbone Network in IIX-APJII” with the director at that time was Mr. Johar Alam (Technical Chairman of APJII) and Mr. Ferry D.Prasetyo (APJII Secretariat).

On August 15, 2001, after he implement the two-months internship at the APJII Secretariat, and eventually offered to work there as an Internet Resource Analyst APJII.

In 2003, he had successfully organized mechanism of the Open Policy Meeting which is a mechanism of policy discussion in a bottom-up (along with APJII’s members APJII) with reference to the RFC and APNIC policy at that time. At least 5 times as many have been implemented within the next 5 years.

In 2005, he was appointed as Manager of IDNIC Division while he concentrating on the delegation of IPv4 and IPv6 Address in Indonesia as well as advancing the role of APJII NIR (National Internet Registry) who was only 6 in the Asia Pacific region under APNIC.

He faced the toughest challenge that simultaneously delivers APJII end of his career at that time is when the implementation of APRICOT 2007 in Bali, where he served as Secretary / local coordinators along with a team of local and regional committees, which conducted a two-year preparation before the event.

In March 2007, he joined the ID-CERT as a volunteer. In 2010 he began to collect statistics Indonesia Internet Abuse. Reaping year support is available from a variety of respondents, the research goes on until finally in 2012, the Research was renamed to a permanent activity of ID-CERT: Incident Monitoring Reports.

His career began at ID-CERT in 2011, where he became part of the operational team and become active in various forums to promote the role and responsibilities of ID-CERT as well as find the right model of how to ensure the survival of a community CERT. A unique model, which generally CERT around the world are always fully funded by the government, but for the ID-CERT appears to pass through the rugged to survive.

At the end of this, he thanked profusely to all those who have helped his career so far, including but not limited to: APJII, PANDI, APNIC, APIA, PT. Scan Nusantara, IDC Indonesia, WASANTARA.NET, PLN, APCERT and all its member and of course,personally to Mr. Budi Rahardjo (ID-CERT Chairman), Mr. Andika Triwidada (ID-CERT deputy chairman), Mr. Johar Alam, Mr. Sanjaya (APNIC), Mr. Sapto Anggoro, Mr. Onno W. Purbo, Ms. Molly Cheam, DR. Philip Smith and all my friends that I can not mention one by one.

I. Past Experience
[1]- Dec 2010 – May 2011: as an Independent Internet Analyst, doing some research on Indonesian CyberSecurity Threats and Trends 2010.
[2]- Dec 2007 – Feb 2009: Manager at Asia & Pacific Internet Association [APIA],Kuala Lumpur – Malaysia and Jakarta – Indonesia;
[3]- Apr – Dec 2007: Assistant Manager Business Development at PT. SCAN Nusantara,Jakarta – Indonesia;
[4]- Aug 2001 – Mar 2007: Internet Resources Analyst and IDNIC Manager at APJII (The Indonesian ISP’s Association),Jakarta;

II. Achievements
[1]- Implemented the first Open Policy Mechanism in Indonesia, which is a bottom-up policy development (community based policy) through APJII Open Policy Meeting on 2003-2007.More info: http://www.apjii.or.id/aopm/
[2]- Implemented the first Indonesian Internet Abuse Statistics in APJII on 2002-2004. More info: http://www.apjii.or.id/dokumentasi/statistik.php?lang=ind
[3]- Implemented the first Indonesian Standard as a result of the Open Policy Mechanism as listed on: http://www.apjii.or.id/info/standard.php?lang=ind
[4]- Analyzed more than 143 organisations, include: universities networks, ISP’s, Telco’s Operators, Corporate and Banking networks from 2001 until present.

III. Volunteers Activities
[1]- Mar 2007 – present: volunteers at ID-CERT (Indonesian Computer Emergency Response Team).
[2]- Feb 2002 – Feb 2009: volunteers with APRICOT
[3]- Sep 2003 – Mar 2007: volunteers on the APNIC IPv6 policy mailing list that discuss on policy guideline for having an IPv6 allocation from APNIC.
[4]- Jun – Jul 2001: Volunteers in APJII (the Indonesian Internet Service Provider Association).
[5]- Mar – Jun 2000: Volunteer at ISP Wasantara-net in PT.Pos Indonesia.

IV. Professional Activities
[1]- Manager at ID-CERT, since Jan 2012 until Present
Responsible on daily operational of ID-CERT.
[2]- Expert Member of Government Computer Emergency Response Team, Ministry of ICT Indonesia, Jan until Dec 2012;
[3]- Incident Reponse Officer & Researcher:
responsible on doing some research at ID-CERT, since 2010 until Dec 2011.
[4]- Head of Incident Response Team – APJII
Responsible on handling all the internet incident reports sent to and making some statistics based on those reports. (2004 until 2007).
[5]- Secretary of Local Committee for APRICOT 2007 in Bali, coordinated by APJII and APIA (Nov 2004 until June 2007).
[6]- Member of APRICOT Management Committee(MC), since Feb 2005 until 2009.
[7]- Member of IPv6 Taskforce under Directorate General Post and Telecommunication, Ministry of Communication and Information of Republic of Indonesia (Nov 2005 until 2007).
[8]- Member of Internet Security Taskforce (ID-SIRTII) under Directorate General Post and Telecommunication, Ministry of Communication and Information of Republic of Indonesia (Nov 2006 until 31 Dec 2007).
[9]- Member of APRICOT Taskforce under Directorate General Post and Telecommunication, Ministry of Communication and Information of Republic of Indonesia (Feb 2006 until Mar 2007).
[10]- Organizing the 4th APJII Open Policy Meeting and APNIC Training in Jakarta (11-13 Jul 2005)
[11]- Secretary of Indonesian IPv6 Forum, coordinated by APJII. (24 Mar 2004 until 01 Jun 2005)
[12]- Secretary of National Internet Conference and Education [NiCE] 2004 , coordinated by APJII.(15 Mar 2004 until 29 Jul 2004)
[13]- Organizing the 3rd APJII Open Policy Meeting and APNIC Training in conjunction with NiCE2004 in Jakarta (29 July 2004)
[14]- Speaker at the SIG-IX, SIG-NIR and NIR Workshop APNIC16 Meeting in Seoul, Aug 2003:
[15]- Organizing the 2nd APJII Open Policy Meeting in Jakarta (11 Jun 2003) http://www.apjii.or.id/apm2/
[16]- Secretary of the APJII-IIX Taskforce (Indonesian Internet eXchange), from Dec 2001 until Feb 2002.

V. Awards Received
[1]- 31 Mar 2012: Speakers at FIRST TC, BALI 2012 31 March 2012.
[2]- Mar 2011 and 2012: Speakers at APCERT Annual General Meeting;
[3]- 21-24 May 2006: Certificate of Attendance (Special invitation) for AusCERT (Australian Computer Emergency Response Team) Conference 2006.
[4]- Nov 2005: As a Speaker on ID-SIRTII [Indonesia Security Incident Response Team On Information Infrastructure] Forum, hosted by DitJend Postel
[5]- 21–23 Jun 2005: Invitation to attend the International Conference on Information Communication Technology for Development [ICT4D] from the Ministry of Science, Technology and Innovation Malaysia (MOSTI).
[6]- 13-17 Dec 2004: Certificate of Attendance 5-Days Establishing a CSIRT Training Course by AusCERT (Australian Computer Emergency Response Team).
[7]- Feb 2004: Invitation to attend APRICOT (Asia Pacific Regional Internet Conference on Operational Technologies) Workshop, Tutorials and Conference 2004 in Kuala Lumpur, Malaysia.
[8]- Aug 2003: Invitation to attend APNIC (Asia Pacific Network Information Center) 16 in Seoul, South Korea.
[9]- July-Aug 2003: Certificate of Attendance for attending Internship as an Internet Resource Analyst at the APNIC Secretariat in Brisbane.
[10]- Feb 2003: Invitation to attend APRICOT (Asia Pacific Regional Internet Conference on Operational Technologies) Workshop, Tutorials and Conference 2003 in Taipei, Taiwan.
[11]- Mar 2002: Special Invitation to attend Wireless LAN workshop in Yogyakarta.
[12]- Mar 2002: Special Invitation to attend the APRICOT (Asia Pacific Regional Internet Conference on Operational Technologies) Workshop, Tutorials and Conference 2002 in Bangkok.
[13]- Feb 2002: Special Invitation to attend VOIP seminar in Jakarta.
[14]- Aug 2001: Certificate of attendance for attending “Effective IP Address Management: Asia Pacific Policies and Procedures.
[15]- May 2001: Certificate of attendance for attending the Indonesian E-Government seminars : ASPACTEL
=================================================================================

April 2012

S S R K J S M

1

2 3 4 5 6 7 8

9 10 11 12 13 14 15

16 17 18 19 20 21 22

23 24 25 26 27 28 29

30

« Mar Mei »

Ahmad Alkazimy’s Blog

Blog Analis Internet Independen